Security experts have found new malware that takes extraordinary measures to evade detection and analysis, and that wipes the victim's hard drive, rendering the computer inoperable, if it decides it is being analysed.

Cisco Systems' Talos Group said the Rombertik code is complex and indiscriminately collects everything a user does on the Web, presumably to obtain login credentials and other sensitive data.

It is installed when a victim opens a malicious e-mail attachment. Talos researchers reverse engineered the software and found that behind the scenes Rombertik takes a variety of steps to evade analysis.

It contains multiple levels of obfuscation and anti-analysis functions that make it hard for outsiders to peer into its inner workings. But if the main yfoye.exe component detects that the malware is under the microscope of a security researcher or rival malware writer, Rombertik self-destructs, taking the contents of the victim's hard drive with it.

Once the unpacked version of Rombertik inside the second copy of yfoye.exe begins executing, one last anti-analysis function runs, and it is particularly nasty if the check fails. The function computes a 32-bit hash of a resource in memory and compares it to the PE compile timestamp of the unpacked sample. Any change to either value trips the check, so an analyst who patches the resource, or whose tooling rewrites the timestamp, lands on the destructive path just as a rival who tampers with the sample would.

On failure the malware first attempts to overwrite the Master Boot Record (MBR) of PhysicalDisk0, which renders the computer inoperable. If it does not have the permissions needed to overwrite the MBR, it instead destroys every file in the user's home folder (e.g. C:\Documents and Settings\Administrator\) by encrypting each one with a randomly generated RC4 key. Once the MBR has been overwritten or the home folder encrypted, the computer is restarted.
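To make the tripwire concrete, here is an added example (not Talos's code and not Rombertik's) that mimics the check over a constructed minimal PE image. It reads IMAGE_FILE_HEADER.TimeDateStamp the way any PE parser does (DOS header field e_lfanew at offset 0x3C points at the "PE\0\0" signature; the timestamp sits 8 bytes after it) and compares it to a 32-bit hash of a constructed resource blob. CRC32 is a stand-in for the hash, since the page does not name the real algorithm, and the sample is built so the two values agree, which is the state the author must ship it in. Patching one byte of the resource, or rewriting the timestamp as some analysis tooling does, flips the result to the destructive branch.

```python
import struct
import zlib

# Constructed resource blob standing in for the resource Rombertik hashes in memory.
RESOURCE = b"constructed sample resource, not Rombertik's real resource\x00" * 4


def build_pe_stub(timestamp: int) -> bytes:
    """Constructed minimal PE image: DOS header, 'PE\\0\\0' signature, COFF file header.
    Only e_lfanew and TimeDateStamp matter for the check; other fields are
    placeholders (Machine = i386, one section, executable/32-bit characteristics)."""
    dos = bytearray(64)
    dos[0:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 64)  # e_lfanew: PE header follows the DOS header
    # IMAGE_FILE_HEADER: Machine, NumberOfSections, TimeDateStamp,
    # PointerToSymbolTable, NumberOfSymbols, SizeOfOptionalHeader, Characteristics
    coff = struct.pack("<HHIIIHH", 0x014C, 1, timestamp, 0, 0, 0, 0x0102)
    return bytes(dos) + b"PE\0\0" + coff


def pe_compile_timestamp(image: bytes) -> int:
    """Return IMAGE_FILE_HEADER.TimeDateStamp, 8 bytes past the PE signature."""
    if image[:2] != b"MZ":
        raise ValueError("missing MZ signature")
    e_lfanew = struct.unpack_from("<I", image, 0x3C)[0]
    if image[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    return struct.unpack_from("<I", image, e_lfanew + 8)[0]


def patch_timestamp(image: bytes, new_timestamp: int) -> bytes:
    """What an analyst's tooling might do to a sample: rewrite the compile timestamp."""
    e_lfanew = struct.unpack_from("<I", image, 0x3C)[0]
    out = bytearray(image)
    struct.pack_into("<I", out, e_lfanew + 8, new_timestamp)
    return bytes(out)


def resource_hash(resource: bytes) -> int:
    """32-bit hash of the resource. CRC32 is an assumed stand-in for the real function."""
    return zlib.crc32(resource) & 0xFFFFFFFF


def forge_sample(resource: bytes) -> bytes:
    """Build a sample whose TimeDateStamp equals the resource hash, i.e. the state
    the author has to ship it in for the check to pass on an unmodified copy."""
    return build_pe_stub(resource_hash(resource))


def tripwire_passes(image: bytes, resource: bytes) -> bool:
    """The self-check: True means 'untouched, carry on'; False is the wipe path."""
    return resource_hash(resource) == pe_compile_timestamp(image)


if __name__ == "__main__":
    sample = forge_sample(RESOURCE)
    print("untouched sample passes:", tripwire_passes(sample, RESOURCE))
    print("one resource byte patched:", tripwire_passes(sample, RESOURCE[:-1] + b"!"))
    rewritten = patch_timestamp(sample, pe_compile_timestamp(sample) ^ 1)
    print("timestamp rewritten:", tripwire_passes(rewritten, RESOURCE))
```

The practical lesson for anyone handling a sample like this is to run the integrity check itself under a debugger with the comparison result forced, rather than patching the binary on disk: a byte-level patch to the resource or a tool that normalises timestamps is exactly what the check is looking for.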

The Master Boot Record holds the code that runs before the operating system loads. The overwritten MBR contains code that prints "Carbon crack attempt, failed" and then enters an infinite loop, so the system never gets as far as booting.
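A responder who suspects this wipe wants a quick triage of sector 0 before anything else. The following is an added example, not code from Talos or from the page, that runs over a constructed 512-byte MBR: it checks the 0x55AA boot signature, parses the four 16-byte partition entries at offset 446, and scans the boot-code area for the marker string Talos reports. The "wiped" sample is a stand-in, since the real boot code is not on the page; it embeds only the string and a two-byte `jmp $` (EB FE) for the loop, and leaving the partition table zeroed is an assumption.

```python
import struct

MBR_SIZE = 512
BOOT_SIGNATURE = b"\x55\xAA"
PARTITION_TABLE_OFFSET = 446
# The string Talos reports in the overwritten boot code.
ROMBERTIK_MARKER = b"Carbon crack attempt, failed"


def build_benign_mbr() -> bytes:
    """Constructed 512-byte MBR: empty boot code, one bootable NTFS-type (0x07)
    partition starting at LBA 2048, valid boot signature."""
    mbr = bytearray(MBR_SIZE)
    # entry: status, CHS start (3), type, CHS end (3), LBA start, sector count
    struct.pack_into("<B3sB3sII", mbr, PARTITION_TABLE_OFFSET,
                     0x80, b"\x00\x00\x00", 0x07, b"\x00\x00\x00", 2048, 409600)
    mbr[510:512] = BOOT_SIGNATURE
    return bytes(mbr)


def build_wiped_mbr() -> bytes:
    """Constructed stand-in for the MBR Rombertik writes (assumed layout): the
    marker string followed by `jmp $` (EB FE), partition table left zeroed."""
    mbr = bytearray(MBR_SIZE)
    code = ROMBERTIK_MARKER + b"\x00" + b"\xEB\xFE"
    mbr[0:len(code)] = code
    mbr[510:512] = BOOT_SIGNATURE
    return bytes(mbr)


def parse_partitions(mbr: bytes) -> list:
    """Decode the four classic MBR partition entries; skip empty (type 0) slots."""
    entries = []
    for i in range(4):
        status, ptype, lba_start, sectors = struct.unpack_from(
            "<B3xB3xII", mbr, PARTITION_TABLE_OFFSET + 16 * i)
        if ptype:
            entries.append({"index": i, "bootable": status == 0x80,
                            "type": ptype, "lba_start": lba_start,
                            "sectors": sectors})
    return entries


def triage_mbr(mbr: bytes) -> dict:
    """Return parsed partitions plus a list of findings; an empty list is clean."""
    findings = []
    if len(mbr) < MBR_SIZE:
        findings.append("short read: need the first 512 bytes of the disk")
        return {"partitions": [], "findings": findings}
    if mbr[510:512] != BOOT_SIGNATURE:
        findings.append("boot signature 0x55AA missing")
    if ROMBERTIK_MARKER in mbr[:PARTITION_TABLE_OFFSET]:
        findings.append("Rombertik marker string in boot code")
    partitions = parse_partitions(mbr)
    if not partitions:
        findings.append("no partition entries")
    return {"partitions": partitions, "findings": findings}


if __name__ == "__main__":
    for label, image in (("benign", build_benign_mbr()), ("wiped", build_wiped_mbr())):
        print(label, triage_mbr(image))
```

On a live Windows host the first 512 bytes of the boot disk are read from `\\.\PhysicalDrive0` (what the page calls PhysicalDisk0) with administrator rights, which is the same privilege the malware needs to write them; on a forensic image, read the first sector of the raw disk file. The marker string is the specific indicator; the missing-partition-table check is a heuristic and will also fire on a blank disk.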

Talos has observed anti-analysis and anti-debugging techniques in malware samples in the past, but Rombertik is unique in that it actively attempts to destroy the computer if it detects certain attributes associated with malware analysis.

Rombertik also uses a variety of less destructive ways to keep its inner workings secret.

To evade sandboxes, which run malware in a carefully controlled laboratory environment for a limited time, the malware writes a byte of random data to memory 960 million times before doing anything interesting. The delay is meant to outlast the time a sandbox gives a sample, and the flood of memory writes swamps analysis tools that try to log every action the malware takes.

The New York Police department has a clever way of making sure its story gets across on Wikipedia – it edits the site until it says what it wants.

New York Police Department’s computers at its 1 Police Plaza headquarters were used to alter Wikipedia pages containing details of alleged police brutality.

The coppers edited and attempted to delete Wikipedia entries for several well-known police victims, including those for Eric Garner, Sean Bell and Amadou Diallo. Capital identified 85 NYPD addresses that have edited Wikipedia, although it is unclear how many users were involved, as computers on the NYPD network can operate on the department's range of IP addresses.

NYPD IP addresses have also been used to edit entries on stop-and-frisk, NYPD scandals, and prominent figures in the city’s political and police leadership.

For example, on December 3, after a Staten Island grand jury declined to indict NYPD Officer Daniel Pantaleo in the death of Eric Garner, a user on the 1 Police Plaza network made multiple edits to the "Death of Eric Garner" Wikipedia entry.

Lines like "Garner raised both his arms in the air" were changed to "Garner flailed his arms about as he spoke." "Push Garner's face into the sidewalk" was changed to "push Garner's head down into the sidewalk." "Use of the chokehold has been prohibited" was changed to "Use of the chokehold is legal, but has been prohibited."

The word “chokehold” was replaced twice, once to “chokehold or headlock,” and once to “respiratory distress.”

The NYPD is apparently investigating the claim that its officers are now trying to re-write history, but we would not hold our breath on this one.

A Kiwi court hearing into the arrest of Megaupload founder Kim Dotcom has heard how the police beat him up during an illegal raid. Dotcom told the court in Auckland today that he was punched and kicked by police during the raid in January.

He told the court that he was installing a Windows update on his computer when he heard a helicopter overhead, then the pinging sound of stones and gravel. The next thing he heard was a loud banging at his bedroom door. He went to a safe room, where he was found by police.

Dotcom said he put his hands up when police entered the room, but he was punched, kicked and pushed to the ground. Dotcom told crown prosecutor John Pike he would have co-operated with police had they knocked on his door, rather than banging it down.

The raid was organised by the police special tactics group. The copper, whose name is suppressed, was questioned by defence lawyer Paul Davison about whether the police response was appropriate given the level of risk posed by Dotcom. Images and CCTV footage of the raid have been suppressed as well.

The raid was ruled illegal because the police had not applied for the right warrant. In any event, they seem to have treated Dotcom like the arms-dealing drug smuggler Big Content claimed he was, rather than the fairly obvious rotund P2P pirate.

Police are asking Nominet for the power to have a domain blocked without a court order. The Serious Organised Crime Agency (SOCA) has asked Nominet to move ahead with rules that would allow law enforcement agencies to request that a domain be shut down without a court order.

Apparently Nominet is OK with the idea. Currently Nominet’s rules don’t allow for domains to be shut down for criminal reasons, though in the past it has blocked domains at the request of law enforcement agencies on the pretext that they provided false contact details.

Nominet's plans will mean that suspension of a domain will not require a court order but should be limited to circumstances where necessary “to prevent serious and immediate consumer harm”. It would only cover serious crime cases in the UK which apparently means fraud, prostitution, money laundering, blackmail and copyright infringement. Not quite sure how prostitution and copyright infringement became a serious crime.

Nominet would only accept take-down requests from law enforcement bodies with which it has a trusted relationship so Neighbourhood Watch schemes are probably not included, nor local vigilantes.

Anonymous is threatening to bring down the UK judiciary's and the Metropolitan Police's computer systems today. Apparently this is in response to News International's phone hacking scandal and to the extradition proceedings against WikiLeaks founder Julian Assange.

A Twitter feed purporting to belong to Sabu, a senior figure within the group and the founder of the spin-off group LulzSec, which hacked a site linked to the CIA and the UK's Serious Organised Crime Agency, promised two releases of information would be launched within a day. A follow-up message read: "ATTN Intelligence community: Your contractors have failed you. Tomorrow is the beginning."

Chatter on the group's chat channels suggests several top-level members of Anonymous are eager to launch attacks timed around Julian Assange's appeal hearing against extradition, which begins today. There are rumours that an Anonymous member has broken into the News International servers and taken copies of some internal emails, which are being offered for sale.

Civil rights group Big Brother Watch claims to have uncovered the true extent to which police abuse their access to confidential databases. Its report is fairly topical, given the allegations that Andy Coulson, former Downing Street Head of Communications and one-time News of the World editor, paid the police for privileged information.

According to Big Brother Watch figures, between 2007 and 2010 some 243 police officers and staff received criminal convictions for breaching the Data Protection Act (DPA). Around 98 police officers and staff had their employment terminated for breaching the DPA, and 904 were subjected to internal disciplinary procedures for DPA breaches. A full breakdown of the results by local police authority is on its site.

Daniel Hamilton, Director of Big Brother Watch said allegations surrounding Andy Coulson are just the tip of the iceberg. He said it was astonishing to think that 904 Police officers and support staff across England have faced disciplinary action for abusing their access to confidential systems.

The investigation shows that cops run background records checks on friends and possible partners, and sometimes have passed sensitive information to criminal gangs and drug dealers. He said that this was hugely intrusive and, at worst, downright dangerous, and that UK coppers needed to adopt a zero tolerance approach to this kind of behaviour: those found guilty of abusing their position should be sacked on the spot.

One of the worst areas was Merseyside, where 208 officers and police staff received criminal convictions for breaching the DPA since 2007. West Midlands was a long way behind as the runner up with 83 convictions. Kent had the highest number of sackings for DPA breaches since 2007 followed by Merseyside, and West Midlands.

New York City coppers have launched an investigation after a convicted felon confessed in an online posting to shooting and robbing rapper Tupac Shakur.

Police spokesman Paul Browne said coppers were trying to establish if the post was legitimate. The claim was posted on the website AllHipHop.com. The bloke said he was paid $2,500 by another hip hop mogul to rob Shakur outside a studio in Manhattan in 1994.

Shakur suffered gunshot wounds in the robbery but survived, only to be killed in 1996 in another unsolved slaying. According to AP, the writer says that he is miffed with the bloke who hired him to carry out the crime, because that person has wrongly accused him of being a government informant.

The bloke who hired him allowed him to keep some of the jewellery he stole from Shakur, so it should all be provable. He thinks the statute of limitations has expired and no one can be charged, so he might as well speak out about the lies told by the man who hired him. According to the Federal Bureau of Prisons website, a person with the same name as in the post is serving life in prison and is housed at the Metropolitan Detention Center in Brooklyn.

Coppers have reason to be suspicious. After all, a news site recently reported that Tupac was alive and living in New Zealand; that turned out to be a hacker's hoax.

In a landmark UK case, a teenager has been jailed for 16 weeks after he refused to give coppers the password to his computer. Oliver Drage, 19, of Liverpool, was arrested in May 2009 by coppers investigating a sexual exploitation ring.

But coppers could not get past the 50-character password protecting the encrypted contents of Drage's PC; a passphrase of that length, unless it is a guessable phrase, is well beyond any brute-force attempt. He was formally served with a notice requiring him to disclose it and failed to do so, which is an offence under Part III of the Regulation of Investigatory Powers Act 2000. Coppers are still trying to break the encryption to examine the computer's contents, and if there is anything nasty on his PC he will get another day in court.

Det Sgt Neil Fowler pointed out that Drage was previously of good character so the immediate custodial sentence handed down by the judge in this case shows just how seriously the courts take this kind of offence.